Target’s Data Breach: What Customers Need to Know

Target has been hit by what could turn out to be one of the largest cases of financial-data theft ever recorded. The retailer said Thursday morning that hackers may have stolen the details of up to 40 million credit and debit cards used at its stores in recent weeks.

If you shopped at Target over the Black Friday weekend and the days after, here’s what you need to know.

Who needs to worry about this:
Target says people who shopped at its U.S. stores between Nov. 27 and Dec. 15 could have had their payment-card information compromised (people who paid with cash, of course, need not worry). If you shopped at a Target store outside the U.S. or in Canada, don’t worry about it — and the same goes for anyone who shopped on the Target website. This was an in-store issue.

This applies to all debit and credit cards used at the store, not just Target-branded cards.

What could happen if your card was compromised:
In theory, the card details could be used to make payments that would be charged to your account. Potentially, depending on how much information was stolen, the data could be used to clone your card, making a copy that could be used in stores or at ATMs.

The information stolen is limited to what’s available to the card-reading device at the store: your name, card number, expiration date and security code (the three digit code usually on the back of the card). Depending on how the readers were compromised, PIN codes may have also been taken — Target has yet to make clear exactly how the hack worked and whether it included accessing PINs.

What to do about it:
Keep a close eye on your bank statements for anything that looks suspicious – you should be doing this anyway, but now’s a good time to give a closer inspection. Big banks today have fairly sophisticated systems for detecting suspicious transactions and will often notify customers if any purchases appear fraudulent. Either way, if you spot anything that looks wrong on your statement, get in touch with your bank — they all have a process to cancel such transactions.

If there’s nothing suspicious on your account but you used a card at Target during the dates listed above, you can get your bank to cancel it and make you a new one. That will provide some peace of mind, but just remember to update your new card details with any service where you have a recurring payment scheduled: online subscriptions, utilities, phone, etc.

If you use the PIN code on your card as a password for other sensitive services, it’s probably a good idea to change those passwords.

Why you shouldn’t worry too much:
Card users aren’t liable for any unauthorized charges made to their accounts, however you or your bank need to identify such purchases. Getting a fraudulent charge reversed can take a little bit of time and effort, but ultimately, you’re not going to be on the hook for anything charged to your account by hackers.

Is this still a problem affecting Target?
The company says it has identified the source of the hack and dealt with it, and that its systems are secure again.